services/dns: init
parent
0c076f9805
commit
584460b1c7
8 changed files with 199 additions and 92 deletions
|
@ -19,6 +19,7 @@
|
|||
./services/hasenloch.nix
|
||||
./services/syncthing.nix
|
||||
./services/monitoring.nix
|
||||
../../services/dns
|
||||
];
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
|
@ -54,6 +55,11 @@
|
|||
interface = "enp6s0";
|
||||
};
|
||||
|
||||
hexchen.dns.zones."hacc.space".subdomains.hainich = {
|
||||
A = [ (lib.head config.networking.interfaces.enp6s0.ipv4.addresses).address ];
|
||||
AAAA = [ (lib.head config.networking.interfaces.enp6s0.ipv6.addresses).address ];
|
||||
};
|
||||
|
||||
hacc.nftables.nat.enable = true;
|
||||
networking.nat.internalInterfaces = ["ve-+"];
|
||||
networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ];
|
||||
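Review bot: The new `hainich` record takes `lib.head` of the `enp6s0` address lists, so the published A/AAAA value depends on list order, and an empty list aborts evaluation with a generic `head` error. If another address is ever listed first on that interface, the zone will advertise it without any warning. Binding the public addresses once in a `let` and using that binding for both the interface and the record would remove the ordering dependency. The enclosing attribute set starts and ends outside these hunks.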
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
hexchen.dns.zones."hacc.space".subdomains."pad".CNAME = [ "hainich.hacc.space" ];
|
||||
containers.codimd = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
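Review bot: The CNAME target `"hainich.hacc.space"` has no trailing dot, while the `waszumfff` record added in this same commit uses `"hainich.hacc.space."`. If the hexchen DNS module writes the string into the zone file unchanged (the module is not visible here), the name is relative to the zone origin and `pad` would point at `hainich.hacc.space.hacc.space.`. The same applies to the `mail` and `mumble` CNAMEs and to `www.CNAME = [ (cname "hacc.4future.dev") ]` in services/dns/default.nix. I would write the absolute form in all four places, here `hexchen.dns.zones."hacc.space".subdomains."pad".CNAME = [ "hainich.hacc.space." ];`. The attribute set opened in this hunk continues past its last line.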
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
hexchen.dns.zones."4future.dev".subdomains.waszumfff.CNAME = [ "hainich.hacc.space." ];
|
||||
|
||||
virtualisation.oci-containers.containers."ghost-waszumfff" = {
|
||||
autoStart = true;
|
||||
environment = {
|
||||
|
|
|
@ -2,11 +2,31 @@
|
|||
|
||||
let
|
||||
sources = import ../../../nix/sources.nix;
|
||||
|
||||
defaultDns = with pkgs.dns.combinators; {
|
||||
MX = [ (mx.mx 10 "mail.hacc.space.") ];
|
||||
TXT = [ (spf.strict [ "+mx" ]) ];
|
||||
};
|
||||
|
||||
dkim = txt: { subdomains."mail._domainkey".TXT = [ txt ]; };
|
||||
in {
|
||||
imports = [
|
||||
sources.nixos-mailserver.outPath
|
||||
];
|
||||
|
||||
hexchen.dns.zones = {
|
||||
"hacc.space" = {
|
||||
inherit (defaultDns) MX TXT;
|
||||
subdomains."mail".CNAME = [ "hainich.hacc.space" ];
|
||||
} // (dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bIWqIW2WO5jLy2oZbvAqfCAkO6y64HiQ1lI50M36zn7xaJlRAaXo9FNdEYW09TY2dUC2dNVT7AG6EypfjHN9WNwAYoZVQOBLigZW2h47gy3LV8/GoaJLhAMfJEyTdgQUJf+ScnLKD30CLpezcVChYWljRBE1NSAHyymS9Ty/1wIDAQAB");
|
||||
"infra4future.de" = {
|
||||
inherit (defaultDns) MX TXT;
|
||||
subdomains.discuss = defaultDns;
|
||||
} // (dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1KO8EiAcR57TbiVW/T57GVllZp1Kk7wlqXyRAPLqf4huk3S+KBlUtkv/6JW14jiaEnvZSWnh2B0HCdX11EdrCt9sprvbirYssUZdn2j7f4MN0fhQAxRqEFcN+zzVl90T6gqhH8Apu2LlYtFos2YisKNZcgUiuYT/Ba9bCwjnMbwIDAQAB");
|
||||
"4future.dev" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQM4k4kvqoEZDEAo+li7URJ+k4aFI4C7XTIqwBT7UAXL2wHPWUmHftudK7VfemdmHdSwVdiFqAs3fMZFXTgbctc5+zG0hB03yOpm42pcf+kkYb4lvXlRoloEorN+XP9PmyNdW14p6ikQGCV//v/nliiraOSrqPaCciB0C6bD7bwIDAQAB";
|
||||
# "4futu.re" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIORy3U05TE0yU/778OaXZ4JDQ5ztK8Set6mClIs8s4Wrtx53Fsq3ahmnglE7ypucsQ1N87Vfv+YjI/X/ndMAYcs8ZjuJRwUqFJnMADAPkPa4lwg3+AgNQYLQsjVpKTZAz83NWWQAZ9QwukgML8sU0cP33eJkiQJ27C/L7kQNlXQIDAQAB";
|
||||
# "hacc.earth" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwFuOQLtDRJU+0Q63GWZocTHwh3bSVjCV4ebgVTBmLxR48RmFqoz1LnYyTBqOGZTq5lvzJuoFcvpBGyJ+jBYNeQKsMY32BHJ0ju2e4nqTPR7SL8x5fBIAj0z2C5DFUnr5S0g+yPbwziQyos9qeJMy7XdtnrLboh635qPSGTgEY/QIDAQAB";
|
||||
};
|
||||
mailserver = {
|
||||
mailDirectory = "/data/mail";
|
||||
enable = true;
|
||||
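Review bot: `MX` in `defaultDns` names `mail.hacc.space.`, and this hunk makes `mail` a CNAME; RFC 2181 §10.3 requires an MX target to own address records rather than be an alias, and some senders mishandle or reject such a target. Giving `subdomains."mail"` the same `A`/`AAAA` lists as `hainich` instead of `CNAME = [ "hainich.hacc.space" ]` avoids that. Separately, the three active DKIM `p=` values have the length of 1024-bit RSA keys; RFC 8301 recommends 2048-bit signing keys, so a key rotation is worth planning now that the records are managed here. The `mailserver` block continues outside the hunk.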
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
hexchen.dns.zones."hacc.space".subdomains."mumble".CNAME = [ "hainich.hacc.space" ];
|
||||
services.murmur = {
|
||||
enable = true;
|
||||
logDays = -1;
|
||||
|
|
|
@ -5,5 +5,6 @@ in {
|
|||
imports = [
|
||||
./nftnat
|
||||
./decklink.nix
|
||||
"${sources.nix-hexchen}/modules/dns"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -13,6 +13,13 @@ let
|
|||
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
|
||||
});
|
||||
|
||||
dns = import (pkgs.fetchFromGitHub {
|
||||
owner = "kirelagin";
|
||||
repo = "nix-dns";
|
||||
rev = "v0.3.1";
|
||||
sha256 = "1ykmx6b7al1sh397spnpqis7c9bp0yfmgxxp3v3j7qq45fa5fs09";
|
||||
} + "/dns") { inherit pkgs; };
|
||||
|
||||
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
|
||||
decklink = callPackage ./decklink { kernel = ksuper.kernel; };
|
||||
});
|
||||
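Review bot: `nix-dns` is fetched inline with `fetchFromGitHub` at tag `v0.3.1`, while the other inputs visible in this commit are pinned through `nix/sources.nix` (`sources.nixos-mailserver`, `sources.nix-hexchen`). The `sha256` fixes the content, so this is a maintenance point rather than an integrity one: an inline pin is easy to miss when the pinned sources are updated or audited together. If `sources` is available in this file, I would add the repository to the sources file and import it from there, for example `dns = import (sources.nix-dns + "/dns") { inherit pkgs; };` once such an entry exists.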
|
|
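--- a/services/dns/default.nix
+++ b/services/dns/default.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+{
+hexchen.deploy.groups = [ "dns" ];
+services.kresd.enable = lib.mkForce false;
+hexchen.dns = {
+enable = true;
+dnssec = {
+enable = true;
+doSplitSigning = true;
+};
+symlinkZones = true;
+allZones = with pkgs.dns.combinators; let
+common = {
+SOA = {
+nameServer = "ns1.infra4future.de.";
+adminEmail = "admin@infra4future.de";
+serial = 2020022102;
+};
+} // delegateTo [ "ns1.infra4future.de." "ns2.infra4future.de." ];
+
+pages = a "95.217.84.3";
+minecraftSRV = port: target: { service = "minecraft"; proto = "tcp"; inherit port target; };
+
+allZones = config.hexchen.dns.allZones;
+in {
+"infra4future.de" = common // {
+A = [ pages ];
+subdomains = {
+libocedrus.A = [ (a "95.217.84.23") ];
+
+www.CNAME = [ (cname "hacc.4future.dev") ];
+
+auth.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+cloud.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+discuss.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+listmonk.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+mattermost.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+onlyoffice.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+survey.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+wiki.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+
+gitlab.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+registry.CNAME = [ (cname "gitlab.infra4future.de.") ];
+ssh.CNAME = [ (cname "gitlab.infra4future.de.") ];
+
+"_gitlab-pages-verification-code".TXT = [ "gitlab-pages-verification-code=3d9e1d733851cd8f7178330b62a5b783" ];
+"_gitlab-pages-verification-code.www".TXT = [ "gitlab-pages-verification-code=c0472d3d954e4586def9b20a237aa141" ];
+};
+};
+"hacc.space" = common // {
+inherit (allZones."infra4future.de".subdomains.libocedrus) A;
+subdomains = {
+wink.CNAME = [ (cname "infra4future.de.") ];
+};
+};
+"4future.dev" = common // {
+A = [ pages ];
+SRV = [ (minecraftSRV 25565 "minecraft.4future.dev.") ];
+subdomains = {
+"*".CNAME = [ (cname "libocedrus.4future.dev.") ];
+libocedrus.A = [ pages ];
+
+minecraft.A = [ (a "95.217.84.23") ];
+};
+};
+};
+};
+}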
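Review bot: `discuss.CNAME` in the `infra4future.de` zone collides with `subdomains.discuss = defaultDns;` from the mail service change in this commit, which puts `MX` and `TXT` at the same name. A CNAME may not share a name with other records (RFC 1034 §3.6.2), so if `hexchen.dns.zones` is merged into `allZones` on this host (the module is not shown) the zone may fail to load or be answered inconsistently. Replacing the alias with `discuss.A = [ (a "95.217.84.23") ];` would keep the mail records valid. Also, `serial = 2020022102;` is a literal, so records contributed from other modules change the zone content without changing the serial unless the signing step rewrites it.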